And, according to MJ Shoer, president of Jenaly Technology Group, cyber crime and cyber terrorism are about to be named the No. 1 threat to our nation.

Shoer issued the warning to a group of 25 owners and staff members of small- and mid-size businesses during a lunchtime seminar about cyber security. The event, sponsored by Jenaly, a Portsmouth-based IT provider, took place Wednesday, Nov. 14, at the Portsmouth Harbor Events & Conference Center.

The gist of the 90-minute seminar was that businesses are not as safe as they think they are. Shoer explained what businesses need to do to be safe online and in their office, and he offered practical action steps to that end.

Shoer founded Jenaly in 1997. He is an expert in cyber security, having authored two books and testified before Congress about the topic. In an interesting – but somewhat disturbing – aside, Shoer said, “The most fascinating thing about Congress is how clueless it is about cyber security.”

Besides excellence as an IT provider, Jenaly has also been recognized for its environmental practices as a business partner of the Green Alliance, a union of local sustainable businesses promoting environmentally sound business practices, and a green co-op offering discounted green products and services to its members.

On Wednesday, Shoer told attendees that, mostly because of automated software programs, but also because of individual hackers’ efforts, tens of thousands to hundreds of thousands of attempts occur each day to breach each business represented at the seminar. Many of the attempts come from organized crime groups in Eastern Europe. In fact, so many residents of one Romanian town dedicate themselves to hacking, that the FBI has stationed its only overseas field office just outside of town.

Shoer cited the $10 million loss Subway restaurants sustained when hackers exploited a default username and password combination for remote access hardware. “Password security is the biggest issue out there,” he said. “Sixty-one percent of people reuse the same password on multiple Web sites.” He said business people – everyone, really – should use different passwords for different purposes: business, personal, shopping, banking, etc.

“Banks are under attack,” he said. “It’s a modern-day war front.” And our electric grid is vulnerable. For companies doing millions of dollars of business a day, or more modest amounts, “What if you can’t do that for a week?” he asked rhetorically, noting that there has been a 300 percent increase in the number of data breaches since 2010.

“Password management is the leading cause of data breach,” he said, telling business people to change password strategies, using password phrases and including spaces, symbols, a combination of upper- and lower-case letters and numbers. He also advised using a “password manager” that uses both a password and a pin number with a high degree of “encryption” — which is the translation of data into a secret code.

Soon passwords of fewer than eight characters will no longer be permitted, he said, and biometrics – such as using finger prints – will be a more widely used security measure.

“A good encryption manager is a step in the right direction,” Shoer said, while noting that FBI agents told Congress: “Nothing is 100 percent safe.” “The brutal truth,” Shoer added, “is if someone wants to hack you, he will be able to do it. The only question is if you find out before he does much damage.”

Medical records are a target for hackers, not so much for the information they hold in files, but as a vessel by which to mask hackers to do damage to third-parties. He suggested that online banking be done on a “dedicated machine,” that is, one that only does online banking.

Shoer advised attendees to:

• Install a managed firewall with application filtering and human-level reporting and intrusion prevention into their networks.

• Install external email security scanning. Emails are the second most numerous attack point on a network.

• Install a firewall-based anti-virus/anti malware detection program.

• Install a secured wireless access point.

• Install “rogue device” detection. “Everything gets shared with everybody these days,” Shoer said of younger people, who connect to each other with multiple devices, exposing networks to attack.

• Implement USB/portable device detection/prevention.

• Institute a strong password policy.

Minimum computer best policies he advised included:

• Keep the firewall on at all times

• Use anti-virus and anti-malware software.

• Keep software up to date.

• Be very careful with downloads, email links, and never click on pop-ups. While obviously forbidden to watch at work, porn Web sites and sports-information sites expose computers to danger. “Don’t drive in bad neighborhoods,” an FBI agent has warned in reference to suspect Web sites. Shoer suggested companies install a couple of computers with web access but not connected to the network if people absolutely need to catch up on the latest scores.

Using the Nook or Kindle on a wireless network is “a huge breach point,” Shoer said. “There is no way that they’re designed to be in the business world.” The iPhone and iPad can have a higher degree of security. But in the end, “I don’t see a need to connect a portable device to a network except for corporate email,” he said.

For mobile devices, best practices include:

• Use device encryption.

• Use mobile device managerial software.

• Restrict access to what’s only necessary for corporate data and networks.

• Enforce wireless encryption policies.

• Do not allow personal devices on the company network.

• Institute a clear “backup policy.”

• It’s best to only support company-issued devices.

However, for all the technical countermeasures to cyber attacks, Shoer said, “you and I are still the biggest danger, and we’re the last line of defense.”

For more information about Jenaly Technology Group, visit www.jenaly.com. And for more information about the Green Alliance, visit www.greenalliance.biz.